TU Berlin

Main document

Literature Database Entry


Jan Petranek, "Distributed Intrusion Detection of Distributed Attacks," Master's Thesis, Wilhelm-Schickard-Institute for Computer Science, University of Tübingen, May 2005. (Advisors: Falko Dressler and Gerhard Münz)


We introduce DIDODA, a system for the Distributed Intrusion Detection of Distributed Attacks. The major goal and design criterion is the detection of distributed denial-of-service (DDoS) attacks. Other than many common attacks, DDoS attacks cannot be mitigated by security measures on the target. Therefore, they pose a constant threat to all Internet based services. Effective countermeasures can be implemented by a distributed Firewall system within the Internet backbones. The detection, that must precede a successful mitigation has remained an open issue. The DIDODA system explores the possibilities of a distributed detection framework. The monitoring nodes of the system shall be distributed across the Internet backbones. By a simple, yet powerful communication and selection scheme, DIDODA gains a global picture of the most urgent attacks. In the open network of the Internet, the line between regular use and malicious misuse is a thin one. We will inevitably face events, where we cannot make this difference with a successfulcient certainty. DIDODA features an investigation system - both local and distributed - that thoroughly examines uncertain events, until DIDODA can state with confidence, whether the event is part of a malicious behaviour. Furthermore, this investigation process is the first preparation to a successful mitigation. As a by-product, it yields valuable information - up to complete packet filter descriptions - that shall be useful in deploying countermeasures. This approach of an automated investigation and assessment of network events makes the monitoring of Internet traces for net-wide events feasible.

Quick access

BibTeX BibTeX


Jan Petranek

BibTeX reference

    author = {Petranek, Jan},
    title = {{Distributed Intrusion Detection of Distributed Attacks}},
    advisor = {Dressler, Falko and M{\"{u}}nz, Gerhard},
    institution = {Wilhelm-Schickard-Institute for Computer Science},
    location = {T{\"{u}}bingen, Germany},
    month = {5},
    school = {University of T{\"{u}}bingen},
    type = {Master's Thesis},
    year = {2005},

Copyright notice

Links to final or draft versions of papers are presented here to ensure timely dissemination of scholarly and technical work. Copyright and all rights therein are retained by authors or by other copyright holders. All persons copying this information are expected to adhere to the terms and constraints invoked by each author's copyright. In most cases, these works may not be reposted or distributed for commercial purposes without the explicit permission of the copyright holder.

The following applies to all papers listed above that have IEEE copyrights: Personal use of this material is permitted. However, permission to reprint/republish this material for advertising or promotional purposes or for creating new collective works for resale or redistribution to servers or lists, or to reuse any copyrighted component of this work in other works must be obtained from the IEEE.

The following applies to all papers listed above that are in submission to IEEE conference/workshop proceedings or journals: This work has been submitted to the IEEE for possible publication. Copyright may be transferred without notice, after which this version may no longer be accessible.

The following applies to all papers listed above that have ACM copyrights: ACM COPYRIGHT NOTICE. Permission to make digital or hard copies of part or all of this work for personal or classroom use is granted without fee provided that copies are not made or distributed for profit or commercial advantage and that copies bear this notice and the full citation on the first page. Copyrights for components of this work owned by others than ACM must be honored. Abstracting with credit is permitted. To copy otherwise, to republish, to post on servers, or to redistribute to lists, requires prior specific permission and/or a fee. Request permissions from Publications Dept., ACM, Inc., fax +1 (212) 869-0481, or permissions@acm.org.

The following applies to all SpringerLink papers listed above that have Springer Science+Business Media copyrights: The original publication is available at www.springerlink.com.

This page was automatically generated using BibDB and bib2web.